From: Djalal Harouni <tixxdz@opendz.org>
Date: Sun, 9 Oct 2016 10:28:25 +0000 (+0200)
Subject: core: check protect_kernel_modules and private_devices in order to setup NNP
X-Git-Tag: v232~96^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4084e8fc8947566092fd4ee5a07405570fdbf84d;p=thirdparty%2Fsystemd.git

core: check protect_kernel_modules and private_devices in order to setup NNP
---

diff --git a/src/core/execute.c b/src/core/execute.c
index dc078d96f0d..71439bc3c2b 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2115,6 +2115,8 @@ static bool context_has_no_new_privileges(const ExecContext *c) {
                 c->memory_deny_write_execute ||
                 c->restrict_realtime ||
                 c->protect_kernel_tunables ||
+                c->protect_kernel_modules ||
+                c->private_devices ||
                 context_has_syscall_filters(c);
 }